RansomWare is not exactly new – it has been the fastest growing cyber threat for the past few years – but this approach is new in that, once downloaded, it spreads itself using a variety of methods. It first looks for an existing backdoor called DoublePulsar left by previous malware. If none is found, it uses what is widely believed to be an NSA exploit tool called EternalBlue (leaked to the Internet) to take advantage of a flaw in Windows (see MS17-010) that Microsoft provided a fix for in March 2017 but that many companies have not applied.

How to Stay Safe

Plug the Holes

Install all available security updates from Microsoft as a first step – the key exploit that enabled WannaCry to spread so effectively has already been fixed in an update by Microsoft, but if it's not installed, it's not much good!

Deploy Protection

Anti-Ransomware Endpoint software appears to be effective against this new threat, again highlighting the importance of a good business class security solution.

Don’t Open the Door

Unfortunately, behaviours are still the root cause of most infections, so ask all your users to be especially vigilant, not to download anything unknown or unsolicited, and to question unexpected emails, even from known senders.

Backup Offsite

One of the simplest mitigations I’ve seen to the threat of ransomware is a comprehensive, automated offsite backup – allowing you to simply clean the infection, purge the files and restore from backup.

Disable SMB V1.0

Wherever possible, disable SMB V1.0. With this blocked, WannaCry can only compromise a remote system via a pre-existing backdoor (e.g. DoublePulsar), which is far less likely.
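
One way to check a machine for both points above (SMB V1.0 still enabled, March 2017 fix missing) is sketched below. This is an added example, not part of the original post: Test-Smb1Exposure and its parameters are illustrative names, and the default KB numbers are the ones named in the reader comment at the end of this page, which differ per Windows version.

```powershell
# Added example: audit (and optionally disable) the SMBv1 server on this host.
# Test-Smb1Exposure is an illustrative name, not a built-in cmdlet.
function Test-Smb1Exposure {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        # Assumption: KB IDs from the reader comment on this page; adjust per Windows version.
        [string[]]$PatchKb = @('KB4012215', 'KB4015549', 'KB4019264'),
        [switch]$Remediate
    )
    $regPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    $hasSmbCmdlets = [bool](Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue)

    if ($hasSmbCmdlets) {
        # Windows 8 / Server 2012 and later expose the setting directly
        $smb1Enabled = (Get-SmbServerConfiguration).EnableSMB1Protocol
    } else {
        # Windows 7 / Server 2008 R2: a missing SMB1 value means the default, i.e. enabled
        $value = (Get-ItemProperty -Path $regPath -Name SMB1 -ErrorAction SilentlyContinue).SMB1
        $smb1Enabled = ($null -eq $value) -or ($value -ne 0)
    }

    # Get-HotFix lists installed updates. A later rollup can supersede these KBs,
    # so an empty result is a prompt to check update history, not proof of exposure.
    $installed = @(Get-HotFix | Where-Object { $PatchKb -contains $_.HotFixID } |
        ForEach-Object { $_.HotFixID })

    $changed = $false
    if ($Remediate -and $smb1Enabled -and
        $PSCmdlet.ShouldProcess($env:COMPUTERNAME, 'Disable SMBv1 server')) {
        if ($hasSmbCmdlets) {
            Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
        } else {
            Set-ItemProperty -Path $regPath -Name SMB1 -Type DWord -Value 0
        }
        $changed = $true
    }

    New-Object PSObject -Property @{
        Computer         = $env:COMPUTERNAME
        Smb1ServerWasOn  = $smb1Enabled
        Smb1Disabled     = $changed
        RestartRequired  = $changed -and -not $hasSmbCmdlets  # registry change needs a restart
        PatchKbInstalled = $installed
        NeedsAttention   = ($smb1Enabled -and -not $changed) -or ($installed.Count -eq 0)
    }
}

Test-Smb1Exposure                        # report only
# Test-Smb1Exposure -Remediate -WhatIf   # preview the change before applying it
```

Run it from an elevated PowerShell prompt; the report-only call changes nothing on the machine.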

Turn off That Old Kit!

If you’ve got old machines running somewhere that are no longer supported by Microsoft (such as Windows XP, Server 2003, etc.) and you can possibly live without them, turn them off or disconnect them from the network!

2 comments on «Protect Yourself from WannaCry RansomWare»

Thanks for the advice! In addition to Winupdate: check if the KB4019264 update is visible in the Installed Updates section of Control Panel. KB4019264 contains KB4015549, which contains KB4012215, the security sum for March 2017. The last one is the best released security update against WannaCry.